SECURITYVULNS:DOC:24334
Jul 28, 2010

[MajorSecurity SA-079]PHPKIT WCMS - Multiple stored Cross Site Scripting Issues

Details

Product: PHPKIT WCMS
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.phpkit.com/
Advisory-Status: published

Credits

Discovered by: David Vieira-Kurz of MajorSecurity

Original Advisory

http://www.majorsecurity.net/phpkit-wcms-xss-stored.php

Affected Products:

PHPKIT WCMS 1.6.5
Prior versions may also be vulnerable

Description

"PHPKIT WCMS is a Content Management System."

More Details

We at MajorSecurity have discovered some vulnerabilities in PHPKIT WCMS 1.6.5, which can be exploited by
malicious people to conduct persistent cross-site scripting attacks. Input passed directly to the
"gbook_welcome" parameter in "/de/pk/include.php?path=config&mode=guestbook" and to the "rss_page_text"
parameter in "/de/pk/include.php?path=config&mode=rssfeed" is not properly sanitised before being stored and
returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser
session in the context of an affected site.

Solution

Web applications should never trust user-generated input and should therefore sanitise all input. Edit the source
code to ensure that input is properly sanitised.
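
One way to apply this advice to the two affected settings, as an added example that is not PHPKIT source code and not part of the original advisory: the stored value is kept as plain text and encoded at output time for the context it lands in (HTML for the guestbook welcome text, XML for the RSS text). The function names, the `$config` array and the sample string are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the CMS settings store (not PHPKIT code).
$config = [];

// Store admin-supplied settings as raw text; reject malformed UTF-8 early.
function save_setting(array &$config, string $key, string $value): void
{
    if (preg_match('//u', $value) !== 1) {
        throw new InvalidArgumentException("$key is not valid UTF-8");
    }
    $config[$key] = $value;
}

// HTML body context (guestbook welcome text): encode for HTML5.
function html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// XML element context (RSS feed text): encode for XML 1.0.
function xml_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_XML1, 'UTF-8');
}

// Constructed sample input containing markup and special characters.
$sample = 'Welcome <script>alert(1)</script> & "friends"';
save_setting($config, 'gbook_welcome', $sample);
save_setting($config, 'rss_page_text', $sample);

// Pattern the advisory describes: the stored value is returned unchanged,
// so any markup in it becomes part of the page.
$unsafe = '<div class="welcome">' . $config['gbook_welcome'] . '</div>';

// Hardened: encode at the point of output, once per output context.
$safeHtml = '<div class="welcome">' . html_text($config['gbook_welcome']) . '</div>';
$safeRss  = '<description>' . xml_text($config['rss_page_text']) . '</description>';

echo $unsafe, PHP_EOL, $safeHtml, PHP_EOL, $safeRss, PHP_EOL;
```

Encoding at output rather than only at input keeps the protection in place for values that were already stored before the fix.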

MajorSecurity

MajorSecurity is a German source code audit and penetration test company which focuses on (web-)application
security. We offer professional source code audits, penetration tests and PCI DSS compliance tests. Visit us at
http://www.majorsecurity.net/source-code-audit.php